WikiLeaks Releases Alleged CIA Hacking Secrets

The lobby of the CIA Headquarters Building in Langley, Virginia, U.S. on Aug. 14, 2008.Reuters, file

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

March 7, 2017 / 3:08 PM GMT / Updated March 7, 2017 / 3:08 PM GMT

By Ken Dilanian and Tom Winter

The anti-secrecy organization WikiLeaks posted thousands of documents Tuesday purporting to reveal CIA hacking secrets, including suggestions that the spy agency is able to turn smart televisions into listening devices and defeat encrypted communications apps such as Signal or WhatsApp.

NBC News has not verified the authenticity of the documents, but computer experts and former intelligence officials were treating them as real. A CIA spokesman declined to comment.

"We do not comment on the authenticity or content of purported intelligence documents," the CIA's Jonathan Liu told NBC News.

As part of its release, WikiLeaks made the extraordinary claim that the CIA "lost control of the majority of its hacking arsenal," including a series of tools that experts say could be turned against Americans. U.S. officials would neither confirm nor deny that allegation.

"This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA," WikiLeaks said in a news release. "The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."

"The real story here is the government cannot secure these tools," said Mark Rasch, a former Justice Department computer crimes prosecutor. "This is akin to anthrax the government has in a lab somewhere. If it gets out, it’s dangerous to all of us."

WikiLeaks founder Julian Assange said in a statement that the files in its possession are the most comprehensive release of U.S. spying documents ever, even more significant than the huge trove of National Security Agency secrets exposed by former agency contractor Edward Snowden. Assange said the documents came to WikiLeaks from a U.S. intelligence contractor. WikiLeaks redacted the names of purported CIA officers and withheld the actual hacking tools it said might allow hackers to seize control of machines.

Some experts who began examining the documents are not so sure of their significance.

"Even if it’s real, I’m not sure how damaging it is," said Matthew Green, a computer science professor at Johns Hopkins University. "It seems to be an indication that the CIA does things we assumed it was doing."

Jeremy Bash, a former chief of staff at the CIA, said he was skeptical that the agency’s entire hacking operation had been exposed.

And, he said, "once the makers of consumer devices know what’s out there, they can build the right defenses."

"Some of this stuff looks real, but there are a lot of discrepancies," said James Lewis, a cyber security expert with the Center for Strategic and International Studies. He added that it's unlikely that so many classified CIA hacking programs would be available to the same person. "This stuff is usually compartmentalized and it’s unusual to have all the compartments put together."

"The alternative hypothesis is that the Russians have done it again to confuse the story in the U.S. I find that at least as persuasive as the one WikiLeaks is peddling."

Still, if secret CIA hacking information came into the possession of WikiLeaks, a group the U.S. says has cooperated closely with Russian intelligence, it represents yet another serious breach of sensitive U.S. intelligence data after the case of Snowden and the subsequent charges against Harold Martin, an NSA contractor accused of taking home a huge tranche of secrets.

WikiLeaks has more than 8,700 documents created from 2013 to 2016 that were housed in a database belonging to the CIA's Center for Cyber Intelligence, says Assange.

The documents, which he described as the CIA’s hacking "arsenal," purport to show how Britain's MI5 and the CIA collaborated to take control of microphones on Samsung Smart TVs, found ways around anti-virus software, and got access to the iPhone and Android phone platforms, among many other revelations.

PSA: This incorrectly implies CIA hacked these apps / encryption. But the docs show iOS/Android are what got hacked - a much bigger problem. https://t.co/Bw9AkBpOdt